<!DOCTYPE HTML>
<html lang="zh-CN">


<head>
    <meta charset="utf-8">
    <meta name="keywords" content="渗透漏洞测试问题汇总, brotherBB">
    <meta name="description" content="you are the owner of your career">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
    <meta name="renderer" content="webkit|ie-stand|ie-comp">
    <meta name="mobile-web-app-capable" content="yes">
    <meta name="format-detection" content="telephone=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
    <!-- Global site tag (gtag.js) - Google Analytics -->


    <title>渗透漏洞测试问题汇总 | brotherBB</title>
    <link rel="icon" type="image/png" href="/daily_rocket_building/favicon.png">

    <link rel="stylesheet" type="text/css" href="/daily_rocket_building/libs/awesome/css/all.css">
    <link rel="stylesheet" type="text/css" href="/daily_rocket_building/libs/materialize/materialize.min.css">
    <link rel="stylesheet" type="text/css" href="/daily_rocket_building/libs/aos/aos.css">
    <link rel="stylesheet" type="text/css" href="/daily_rocket_building/libs/animate/animate.min.css">
    <link rel="stylesheet" type="text/css" href="/daily_rocket_building/libs/lightGallery/css/lightgallery.min.css">
    <link rel="stylesheet" type="text/css" href="/daily_rocket_building/css/matery.css">
    <link rel="stylesheet" type="text/css" href="/daily_rocket_building/css/my.css">

    <script src="/daily_rocket_building/libs/jquery/jquery.min.js"></script>

<link rel="stylesheet" href="/daily_rocket_building/css/prism-tomorrow.css" type="text/css"></head>


<body>

    



<div class="bg-cover pd-header post-cover" style="background-image: url('/daily_rocket_building/medias/featureimages/23.jpg')">
    <div class="container" style="right: 0px;left: 0px;">
        <div class="row">
            <div class="col s12 m12 l12">
                <div class="brand">
                    <h1 class="description center-align post-title">渗透漏洞测试问题汇总</h1>
                </div>
            </div>
        </div>
    </div>
</div>




<main class="post-container content">

    
    <link rel="stylesheet" href="/daily_rocket_building/libs/tocbot/tocbot.css">
<style>
    #articleContent h1::before,
    #articleContent h2::before,
    #articleContent h3::before,
    #articleContent h4::before,
    #articleContent h5::before,
    #articleContent h6::before {
        display: block;
        content: " ";
        height: 100px;
        margin-top: -100px;
        visibility: hidden;
    }

    #articleContent :focus {
        outline: none;
    }

    .toc-fixed {
        position: fixed;
        top: 64px;
    }

    .toc-widget {
        width: 345px;
        padding-left: 20px;
    }

    .toc-widget .toc-title {
        margin: 35px 0 15px 0;
        padding-left: 17px;
        font-size: 1.5rem;
        font-weight: bold;
        line-height: 1.5rem;
    }

    .toc-widget ol {
        padding: 0;
        list-style: none;
    }

    #toc-content {
        height: calc(100vh - 250px);
        overflow: auto;
    }

    #toc-content ol {
        padding-left: 10px;
    }

    #toc-content ol li {
        padding-left: 10px;
    }

    #toc-content .toc-link:hover {
        color: #42b983;
        font-weight: 700;
        text-decoration: underline;
    }

    #toc-content .toc-link::before {
        background-color: transparent;
        max-height: 25px;

        position: absolute;
        right: 23.5vw;
        display: block;
    }

    #toc-content .is-active-link {
        color: #42b983;
    }

    #floating-toc-btn {
        position: fixed;
        right: 15px;
        bottom: 76px;
        padding-top: 15px;
        margin-bottom: 0;
        z-index: 998;
    }

    #floating-toc-btn .btn-floating {
        width: 48px;
        height: 48px;
    }

    #floating-toc-btn .btn-floating i {
        line-height: 48px;
        font-size: 1.4rem;
    }
</style>
<div class="row">
    <div id="main-content" class="col s12 m12 l9">
        <!-- 文章内容详情 -->
<div id="artDetail">
    <div class="card">
        <div class="card-content article-info">
            <div class="row tag-cate">
                <div class="col s7">
                    
                          <div class="article-tag">
                            <span class="chip bg-color">无标签</span>
                          </div>
                    
                </div>
                <div class="col s5 right-align">
                    
                    <div class="post-cate">
                        <i class="fas fa-bookmark fa-fw icon-category"></i>
                        
                            <a href="/daily_rocket_building/categories/system/" class="post-category">
                                system
                            </a>
                        
                    </div>
                    
                </div>
            </div>

            <div class="post-info">
                
                <div class="post-date info-break-policy">
                    <i class="far fa-calendar-minus fa-fw"></i>发布日期:&nbsp;&nbsp;
                    2020-04-24
                </div>
                

                

                

                

                
            </div>
        </div>
        <hr class="clearfix">
        <div class="card-content article-card-content">
            <div id="articleContent">
                <h1 id="渗透漏洞测试问题汇总"><a href="#渗透漏洞测试问题汇总" class="headerlink" title="渗透漏洞测试问题汇总"></a>渗透漏洞测试问题汇总</h1><p>举例一些日常业务中，容易出现的渗透漏洞场景。</p>
<p>仅仅汇总，不做深入探讨。知道会有这么一回事（某些专业术语），遇到了再查资料即可。</p>
<p>对于前端来讲，技术常考就是 <code>XSS</code> 与 <code>CSRF</code>。相关的具体知识网上一搜一大把。推荐本人看过然后又忘掉的 2 篇：</p>
<ul>
<li><a href="https://tech.meituan.com/2018/09/27/fe-security.html" target="_blank" rel="external">前端安全系列（一）：如何防止 XSS 攻击？ - 美团</a></li>
<li><a href="https://tech.meituan.com/2018/10/11/fe-security-csrf.html" target="_blank" rel="external">前端安全系列（二）：如何防止 CSRF 攻击？ - 美团</a></li>
</ul>
<p>其余的就是从业务角度出发（业务啊，是个好东西）：</p>
<ul>
<li>敏感信息的传输加密。</li>
<li>敏感信息的泄漏。</li>
<li>数据权限。</li>
</ul>
<p>感谢拿来主义。</p>
<h2 id="举个例子"><a href="#举个例子" class="headerlink" title="举个例子"></a>举个例子</h2><h3 id="跨站-XSS-脚本漏洞"><a href="#跨站-XSS-脚本漏洞" class="headerlink" title="跨站 XSS 脚本漏洞"></a>跨站 XSS 脚本漏洞</h3><p>类型：跨站脚本漏洞</p>
<p>风险：高</p>
<h4 id="说明"><a href="#说明" class="headerlink" title="说明"></a>说明</h4><p>攻击者可以利用存在 <code>XSS</code> 漏洞的 <code>Web</code> 系统攻击浏览相关网页的用户，窃取用户会话中诸如用户名和口令（可能包含在 <code>Cookies</code> 里）等敏感信息等。</p>
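<h4 id="处理方案"><a href="#处理方案" class="headerlink" title="处理方案"></a>处理方案</h4><p>建议根据系统的具体业务情况对特殊字符进行处理，如果需要输入特殊字符建议对输出的字符进行转义，如果系统业务不需要特殊字符建议在服务器端过滤掉特殊字符，或者对输出的字符进行 <code>HTML</code> 实体转义。转义方式要与输出位置匹配（<code>HTML</code> 正文、标签属性、<code>JavaScript</code>、<code>URL</code> 的转义规则各不相同）；同时为会话 <code>Cookie</code> 设置 <code>HttpOnly</code>，可降低会话信息被脚本窃取的风险。</p>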
<h3 id="跨域资源共享漏洞"><a href="#跨域资源共享漏洞" class="headerlink" title="跨域资源共享漏洞"></a>跨域资源共享漏洞</h3><p>类型：跨域漏洞</p>
<p>风险：中</p>
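<h4 id="说明-1"><a href="#说明-1" class="headerlink" title="说明"></a>说明</h4><p><code>CORS</code> 与 <code>CSRF</code>。（请参考开篇的文章链接）</p>
<h4 id="处理方案-1"><a href="#处理方案-1" class="headerlink" title="处理方案"></a>处理方案</h4><p>详见各大博客技术文。核心原则：<code>Access-Control-Allow-Origin</code> 只返回白名单内的可信来源，不要原样回显请求中的 <code>Origin</code>，在允许携带凭证（<code>Access-Control-Allow-Credentials: true</code>）时尤其如此。</p>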
<h3 id="未加密的登录请求"><a href="#未加密的登录请求" class="headerlink" title="未加密的登录请求"></a>未加密的登录请求</h3><p>类型：数据加密</p>
<p>风险：中</p>
<h4 id="说明-2"><a href="#说明-2" class="headerlink" title="说明"></a>说明</h4><p>登录请求未对账号密码进行加密，容易被窃取到明文的账号密码。</p>
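<h4 id="处理方案-2"><a href="#处理方案-2" class="headerlink" title="处理方案"></a>处理方案</h4><p>对账号密码进行加密传输。比较安全做法：<code>AES</code> + <code>RSA</code> 组合，<code>AES</code> 加密传输数据，<code>RSA</code> 加密 <code>AES</code> 的密钥。注意应用层加密不能替代 <code>HTTPS</code>：页面和脚本如果以明文 <code>HTTP</code> 下发，公钥和加密逻辑本身就可能被中间人替换，所以应先保证全站 <code>HTTPS</code>，再视业务需要叠加上述方案。</p>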
<h3 id="越权访问"><a href="#越权访问" class="headerlink" title="越权访问"></a>越权访问</h3><p>类型：逻辑漏洞</p>
<p>风险：高</p>
<h4 id="说明-3"><a href="#说明-3" class="headerlink" title="说明"></a>说明</h4><p>最容易忽视的漏洞，涉及面广，几乎所有涉及传参的接口都可能出现，这里列举几个场景：</p>
<ul>
<li>通过业务 <code>ID</code> 查询业务详情信息，可以通过模拟传他人业务 <code>ID</code>，越权查看他人业务详情数据。</li>
<li>修改业务信息，可以通过模拟传他人业务 <code>ID</code> 和业务信息，越权修改他人业务数据。</li>
<li>通过手机号码/身份证查询用户相关信息，可以通过模拟传他人手机号码/身份证，越权获取他人信息。</li>
<li>管理后台通过访问看不到的菜单地址，越权查看或操作非管理范围内的数据。</li>
</ul>
<h4 id="处理方案-3"><a href="#处理方案-3" class="headerlink" title="处理方案"></a>处理方案</h4><p>无论是前台还是管理后台，都会存在越权的问题，越权问题的防护也需要结合具体的业务规则进行处理，主要的原则是在接口处通过当前登录会话信息和提交数据做判断，限制用户只能查看或操作自己权限范围内的数据。</p>
<h3 id="数据提交接口可无限重放"><a href="#数据提交接口可无限重放" class="headerlink" title="数据提交接口可无限重放"></a>数据提交接口可无限重放</h3><p>类型：逻辑漏洞</p>
<p>风险：中</p>
<h4 id="说明-4"><a href="#说明-4" class="headerlink" title="说明"></a>说明</h4><p>数据提交接口可无限重放，导致数据库产生大量冗余垃圾数据，影响管理人员正常工作，甚至 <code>dos</code> 攻击服务。</p>
<h4 id="处理方案-4"><a href="#处理方案-4" class="headerlink" title="处理方案"></a>处理方案</h4><ul>
<li>限制一个用户提交频率、对业务数据关键信息添加重复性校验。</li>
<li>通过一次性令牌限制，采用过滤器针对指定接口生成和验证一次性令牌。</li>
</ul>
<h3 id="敏感信息-url-传输"><a href="#敏感信息-url-传输" class="headerlink" title="敏感信息 url 传输"></a>敏感信息 url 传输</h3><p>类型：逻辑漏洞</p>
<p>风险：中</p>
<h4 id="说明-5"><a href="#说明-5" class="headerlink" title="说明"></a>说明</h4><p>在 <code>url</code> 传输敏感信息请求后端接口获取信息，如手机号码、身份证等，会导致用户敏感信息泄露，攻击者可通过局域网流量嗅探，获取用户敏感信息。通过请求参数控制接口返回信息的范围或是否加密的场景，容易被人利用获取到敏感信息。</p>
<h4 id="处理方案-5"><a href="#处理方案-5" class="headerlink" title="处理方案"></a>处理方案</h4><ul>
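<li>尽量不传敏感信息，如必须请使用 <code>POST</code> 方式请求，并全程使用 <code>HTTPS</code>。<code>POST</code> 只是让敏感信息不出现在地址栏、访问日志和 <code>Referer</code> 中，明文 <code>HTTP</code> 下请求体同样可以被嗅探到。</li>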
<li>严格控制逻辑，涉及加密或权限的数据由后端进行控制。</li>
<li>开放给第三方调用的接口，敏感信息建议加密后传输。</li>
</ul>
<h3 id="任意信息遍历"><a href="#任意信息遍历" class="headerlink" title="任意信息遍历"></a>任意信息遍历</h3><p>类型：逻辑漏洞</p>
<p>风险：中</p>
<h4 id="说明-6"><a href="#说明-6" class="headerlink" title="说明"></a>说明</h4><p>对于参数存在规律性的接口请求，均存在遍历的漏洞，攻击者可按照规律模拟请求，会导致敏感信息的泄漏和越权问题。</p>
<h4 id="处理方案-6"><a href="#处理方案-6" class="headerlink" title="处理方案"></a>处理方案</h4><p>建议主要请求参数设置为不规律值，避免使用手机号码、身份证、工号等，业务表主键 <code>ID</code> 建议用 <code>UUID</code>，避免使用自增数值。不规律的 <code>ID</code> 只能提高遍历成本，不能替代权限校验，接口仍需根据当前登录会话判断数据归属。</p>
<h3 id="短信轰炸"><a href="#短信轰炸" class="headerlink" title="短信轰炸"></a>短信轰炸</h3><p>类型：逻辑漏洞</p>
<p>风险：中</p>
<h4 id="说明-7"><a href="#说明-7" class="headerlink" title="说明"></a>说明</h4><p>攻击者可以利用该漏洞对用户进行短信轰炸，对用户进行短信骚扰。</p>
<h4 id="处理方案-7"><a href="#处理方案-7" class="headerlink" title="处理方案"></a>处理方案</h4><p>增加图形验证码，限制发送的频率。频率限制要在服务端按手机号、来源 <code>IP</code> 等维度实施，不能只依赖前端控制。</p>
<h3 id="无有效性验证"><a href="#无有效性验证" class="headerlink" title="无有效性验证"></a>无有效性验证</h3><p>类型：逻辑漏洞</p>
<p>风险：中</p>
<h4 id="说明-8"><a href="#说明-8" class="headerlink" title="说明"></a>说明</h4><p>数据提交接口未验证手机号码和身份证的有效性，可提交虚假或不合法的手机号码和身份证，容易被利用进行攻击产生大量垃圾数据。</p>
<h4 id="处理方案-8"><a href="#处理方案-8" class="headerlink" title="处理方案"></a>处理方案</h4><p>前后端对相关数据进行有效性验证。以后端校验为准，前端校验只用于改善体验，可以被直接绕过。</p>
<h3 id="分页参数无限制"><a href="#分页参数无限制" class="headerlink" title="分页参数无限制"></a>分页参数无限制</h3><p>类型：逻辑漏洞</p>
<p>风险：中</p>
<h4 id="说明-9"><a href="#说明-9" class="headerlink" title="说明"></a>说明</h4><p>分页参数主要包括页码和每页记录数，通过修改任意数值查询列表数据，无限制，可被利用非法制造大数据量返回请求，拖垮数据库。</p>
<h4 id="处理方案-9"><a href="#处理方案-9" class="headerlink" title="处理方案"></a>处理方案</h4><p>建议对分页参数做最大限制。</p>
<h3 id="任意文件上传"><a href="#任意文件上传" class="headerlink" title="任意文件上传"></a>任意文件上传</h3><p>类型：文件处理</p>
<p>风险：高</p>
<h4 id="说明-10"><a href="#说明-10" class="headerlink" title="说明"></a>说明</h4><p>未对上传文件的类型进行限制，可被利用上传非法文件进行攻击。</p>
<h4 id="处理方案-10"><a href="#处理方案-10" class="headerlink" title="处理方案"></a>处理方案</h4><ul>
<li>建议前后端结合业务限制上传文件的类型和大小；类型限制以服务端白名单为准，不要只信任前端校验或请求中的 <code>Content-Type</code>。</li>
<li>文件上传目录设置为不可执行。</li>
<li>用随机数改写文件名和路径。</li>
</ul>
<h3 id="任意文件下载"><a href="#任意文件下载" class="headerlink" title="任意文件下载"></a>任意文件下载</h3><p>类型：文件处理</p>
<p>风险：高</p>
<h4 id="说明-11"><a href="#说明-11" class="headerlink" title="说明"></a>说明</h4><p>测试人员发现，服务端的 <code>js</code> 源代码中，暴露了相应的下载接口，该接口不需要登录即可使用，且可通过修改参数下载服务端任意文件内容。</p>
<h4 id="处理方案-11"><a href="#处理方案-11" class="headerlink" title="处理方案"></a>处理方案</h4><p>建议服务端检测参数中是否包含 ../ 相对路径，如果包含则证明为恶意请求，直接拒绝该请求。仅做字符串匹配容易遗漏编码变体和绝对路径，更稳妥的做法是把参数解析为规范化的绝对路径后，确认其位于允许下载的目录之内，或改为提交文件 <code>ID</code>、由服务端映射到真实路径；下载接口本身也应要求登录并校验权限。</p>
<h3 id="任意文件删除"><a href="#任意文件删除" class="headerlink" title="任意文件删除"></a>任意文件删除</h3><p>类型：文件处理</p>
<p>风险：高</p>
<h4 id="说明-12"><a href="#说明-12" class="headerlink" title="说明"></a>说明</h4><p>测试人员发现，通过暴力枚举的方式，可以得到系统删除文件的接口，该接口未对上传的文件进行校验，导致任意文件删除。</p>
<h4 id="处理方案-12"><a href="#处理方案-12" class="headerlink" title="处理方案"></a>处理方案</h4><ul>
<li>净化数据：对用户传过来的文件名参数进行硬编码或统一编码，对文件类型进行白名单控制，对包含恶意字符或者空字符的参数进行拒绝。</li>
<li>要删除的文件地址和文件路径保存至数据库中，让用户提交文件对应 <code>ID</code> 进行删除文件。</li>
<li>用户删除文件之前需要进行权限判断。</li>
<li>不允许提供跳转目录服务。建议服务端设立白名单，只允许用户删除特定后缀如 <code>.txt</code>、<code>.png</code> 等后缀的文件。</li>
</ul>
<h3 id="SQL-注入漏洞"><a href="#SQL-注入漏洞" class="headerlink" title="SQL 注入漏洞"></a>SQL 注入漏洞</h3><p>类型：<code>SQL</code> 漏洞</p>
<p>风险：高</p>
<h4 id="说明-13"><a href="#说明-13" class="headerlink" title="说明"></a>说明</h4><p>通过把 <code>SQL</code> 命令插入到 <code>Web</code> 表单提交或输入域名或页面请求的查询字符串，最终达到欺骗服务器执行指定的 <code>SQL</code> 语句。</p>
<h4 id="处理方案-13"><a href="#处理方案-13" class="headerlink" title="处理方案"></a>处理方案</h4><p>使用参数化 <code>SQL</code> 语句，避免拼接 <code>SQL</code>。表名、列名、排序字段等无法参数化的部分，用白名单校验。</p>
<h3 id="程序错误信息泄露"><a href="#程序错误信息泄露" class="headerlink" title="程序错误信息泄露"></a>程序错误信息泄露</h3><p>类型：信息泄漏</p>
<p>风险：低</p>
<h4 id="说明-14"><a href="#说明-14" class="headerlink" title="说明"></a>说明</h4><p>后端接口报错，将异常堆栈信息详细输出了。</p>
<h4 id="处理方案-14"><a href="#处理方案-14" class="headerlink" title="处理方案"></a>处理方案</h4><p>接口服务器屏蔽输出异常信息。详细异常只记录到服务端日志，对外返回统一的错误码和提示。</p>

            </div>
            <hr/>

            

    <div class="reprint" id="reprint-statement">
        
            <div class="reprint__author">
                <span class="reprint-meta" style="font-weight: bold;">
                    <i class="fas fa-user">
                        文章作者:
                    </i>
                </span>
                <span class="reprint-info">
                    <a href="http://brotherbb.gitee.io/daily_rocket_building" rel="external nofollow noreferrer">brotherBB-Team</a>
                </span>
            </div>
            <div class="reprint__type">
                <span class="reprint-meta" style="font-weight: bold;">
                    <i class="fas fa-link">
                        文章链接:
                    </i>
                </span>
                <span class="reprint-info">
                    <a href="http://brotherbb.gitee.io/daily_rocket_building/daily_rocket_building/2020/04/24/chang-jian-de-shen-tou-lou-dong-wen-ti/">http://brotherbb.gitee.io/daily_rocket_building/daily_rocket_building/2020/04/24/chang-jian-de-shen-tou-lou-dong-wen-ti/</a>
                </span>
            </div>
            <div class="reprint__notice">
                <span class="reprint-meta" style="font-weight: bold;">
                    <i class="fas fa-copyright">
                        版权声明:
                    </i>
                </span>
                <span class="reprint-info">
                    本博客所有文章除特别声明外，均采用
                    <a href="https://creativecommons.org/licenses/by/4.0/deed.zh" rel="external nofollow noreferrer" target="_blank">CC BY 4.0</a>
                    许可协议。转载请注明来源
                    <a href="http://brotherbb.gitee.io/daily_rocket_building" target="_blank">brotherBB-Team</a>
                    !
                </span>
            </div>
        
    </div>

    <script async defer>
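      // Show a toast whenever the visitor copies text, with a button that jumps
      // to the reprint statement.
      document.addEventListener("copy", function () {
        // The string is handed to M.toast through its `html` option, so it is
        // treated as markup: keep it a static literal and never concatenate the
        // copied text or other page-derived data into it.
        // Fix: the <button> was previously closed with </a>, leaving invalid markup.
        const toastHTML = '<span>复制成功，请遵循本文的转载规则</span><button class="btn-flat toast-action" onclick="navToReprintStatement()" style="font-size: smaller">查看</button>';
        M.toast({html: toastHTML});
      });

      // Smooth-scroll the page to the #reprint-statement block, stopping 80px
      // above it, over 800ms. Must stay a global function because the toast
      // button calls it from an inline onclick attribute.
      function navToReprintStatement() {
        $("html, body").animate({scrollTop: $("#reprint-statement").offset().top - 80}, 800);
      }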
    </script>



            
        </div>
    </div>

    

    

    

    

    

    

    


</div>



<!-- 代码块功能依赖 -->
<script type="text/javascript" src="/daily_rocket_building/libs/codeBlock/codeBlockFuction.js"></script>

<!-- 代码语言 -->

<script type="text/javascript" src="/daily_rocket_building/libs/codeBlock/codeLang.js"></script>


<!-- 代码块复制 -->

<script type="text/javascript" src="/daily_rocket_building/libs/codeBlock/codeCopy.js"></script>


<!-- 代码块收缩 -->

<script type="text/javascript" src="/daily_rocket_building/libs/codeBlock/codeShrink.js"></script>


<!-- 代码块折行 -->

<style type="text/css">
code[class*="language-"], pre[class*="language-"] { white-space: pre !important; }
</style>


    </div>
    <div id="toc-aside" class="expanded col l3 hide-on-med-and-down">
        <div class="toc-widget">
            <div class="toc-title"><i class="far fa-list-alt"></i>&nbsp;&nbsp;目录</div>
            <div id="toc-content"></div>
        </div>
    </div>
</div>

<!-- TOC 悬浮按钮. -->

<div id="floating-toc-btn" class="hide-on-med-and-down">
    <a class="btn-floating btn-large bg-color">
        <i class="fas fa-list-ul"></i>
    </a>
</div>


<script src="/daily_rocket_building/libs/tocbot/tocbot.min.js"></script>
<script>
    // Once the DOM is ready: build the table of contents with tocbot, give the
    // headings ASCII anchors, and wire up the sticky / collapsible TOC sidebar.
    $(function () {
        tocbot.init({
            tocSelector: '#toc-content',
            contentSelector: '#articleContent',
            headingsOffset: -($(window).height() * 0.4 - 45),
            collapseDepth: Number('0'),
            headingSelector: 'h2, h3, h4,h5'
        });

        // Headings carry Chinese ids; replace them with sequential ASCII ids.
        // TOC links are renumbered first, then the headings, both counting from 1
        // in document order so link N targets heading N.
        const anchorPrefix = 'toc-heading-';
        $('#toc-content a').each(function (idx) {
            $(this).attr('href', '#' + anchorPrefix + (idx + 1));
        });
        $('#articleContent').children('h2, h3, h4,h5').each(function (idx) {
            $(this).attr('id', anchorPrefix + (idx + 1));
        });

        // Pin the TOC widget once the page has scrolled past the threshold,
        // and release it again when scrolling back up.
        const pinThreshold = parseInt($(window).height() * 0.4 - 64);
        const $widget = $('.toc-widget');
        $(window).scroll(function () {
            $widget.toggleClass('toc-fixed', $(window).scrollTop() > pinThreshold);
        });

        // Set the target element's width to the source element's width plus an
        // allowance that depends on how wide the source is. Does nothing when
        // the source element is not on the page.
        const fixPostCardWidth = function (srcId, targetId) {
            const $src = $('#' + srcId);
            if ($src.length === 0) {
                return;
            }

            const base = $src.width();
            let allowance = 14;
            if (base >= 450) {
                allowance = 21;
            } else if (base >= 350) {
                allowance = 18;
            } else if (base >= 300) {
                allowance = 16;
            }
            $('#' + targetId).width(base + allowance);
        };

        // The floating button toggles the TOC sidebar; the main column keeps its
        // 'l9' class only while the sidebar is shown.
        const expandedClass = 'expanded';
        const $aside = $('#toc-aside');
        const $content = $('#main-content');
        $('#floating-toc-btn .btn-floating').click(function () {
            const wasExpanded = $aside.hasClass(expandedClass);
            if (wasExpanded) {
                $aside.removeClass(expandedClass).hide();
                $content.removeClass('l9');
            } else {
                $aside.addClass(expandedClass).show();
                $content.addClass('l9');
            }
            // Re-sync the prev/next card width with the article card after the layout change.
            fixPostCardWidth('artDetail', 'prenext-posts');
        });

    });
</script>

    

</main>





<div class="progress-bar"></div>




    <script src="/daily_rocket_building/libs/materialize/materialize.min.js"></script>
    <script src="/daily_rocket_building/libs/masonry/masonry.pkgd.min.js"></script>
    <script src="/daily_rocket_building/libs/aos/aos.js"></script>
    <script src="/daily_rocket_building/libs/scrollprogress/scrollProgress.min.js"></script>
    <script src="/daily_rocket_building/libs/lightGallery/js/lightgallery-all.min.js"></script>
    <script src="/daily_rocket_building/js/matery.js"></script>

    <!-- Baidu Analytics -->

    <!-- Baidu Push -->

<script>
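    // Baidu link-submit ("push") loader: creates a <script> element for Baidu's
    // push.js and inserts it ahead of the first <script> on the page.
    (function () {
        var bp = document.createElement('script');
        // Always fetch over HTTPS, even when this page is served over HTTP.
        // A script fetched in cleartext can be rewritten in transit and would
        // then run with full access to the page.
        // NOTE(review): assumes the HTTPS endpoint serves the same push script
        // as the former HTTP one (http://push.zhanzhang.baidu.com/push.js) — confirm.
        // NOTE(review): this is third-party code loaded without Subresource
        // Integrity; pin or self-host it if the site's policy requires that.
        bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
        var s = document.getElementsByTagName("script")[0];
        s.parentNode.insertBefore(bp, s);
    })();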
</script>

    
    <script src="/daily_rocket_building/libs/others/clicklove.js" async="async"></script>
    
    
    <script async src="/daily_rocket_building/libs/others/busuanzi.pure.mini.js"></script>
    

    

    

    

    

    

    
    <script src="/daily_rocket_building/libs/instantpage/instantpage.js" type="module"></script>
    

</body>

</html>
